NOTES/COMMENTS:




Dear Sir: 





Please find attached a Substitute Appeal Brief, filed now in response to the Examiner's 
May 25, 2006 Notification of Non-Compliant Appeal Brief. This Notification was filed
due to the inadvertent lack of a listing of support, in the specification or drawings, for 
claimed subject matter described in the summary of the invention. Such listing is now 
provided in the attached Substitute Appeal Brief. 



Best regards, 




James E. Boice
Attorney for Appellants 



This fax from the law firm of Dillon & Yudell LLP contains information that is confidential or privileged, or
both. This information is intended only for the use of the individual or entity named on this fax cover letter.
Any disclosure, copying, distribution or use of this information by any person other than the intended
recipient is prohibited. If you have received this in error, please notify us by telephone immediately at
512.343.6116 so that we can arrange for the retrieval of the transmitted documents at no cost to you.

CENTRAL FAX CENTER

JUN 01 2006

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES 

ATTY. DOCKET NO.: AUS920010978US1

IN RE APPLICATION OF: DAVID YU CHANG, ET AL.

EXAMINER: CHRISTOPHER J. BROWN

SERIAL NO.: 10/062,348

FILED: 31 JANUARY 2002

ART UNIT: 2134

FOR: MULTIPLE SECURE SOCKET LAYER KEYFILES FOR CLIENT LOGIN SUPPORT

SUBSTITUTE APPEAL BRIEF UNDER 37 C.F.R. § 41.37

Mail Stop Appeal Briefs - Patents
Commissioner for Patents
P.O. Box 1450
Alexandria, Virginia 22313-1450
Sir: 

This Substitute Appeal Brief is submitted in support of the Appeal of the Examiner's final
rejection of Claims 1-12 in the above-identified application. A Notice of Appeal was filed in this
case on February 24, 2006 and received in the United States Patent and Trademark Office on
February 24, 2006. An original appeal brief was filed on March 21, 2006.

This substitute brief is filed in response to a May 25, 2006 Notification of Non- 
Compliant Appeal Brief, for failing to list in the specifications or drawings where support for 
each claim is found. This support is expressly stated in the arguments of the original appeal
brief, but not in the summary. Appellants apologize for the oversight.

Appellants do not believe that any additional fees are due for filing this substitute appeal
brief. In the event that such fees are due, please charge such fees, as well as any additional
required fees, to IBM CORPORATION DEPOSIT ACCOUNT No. 09-0447.

CERTIFICATE OF MAILING OR TRANSMISSION [37 CFR 1.8(A)]

I hereby certify that this correspondence is being:

[ ] deposited with the U.S. Postal Service on the date shown below with sufficient postage as First Class Mail in an
envelope addressed to: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

[X] transmitted by facsimile on the date shown below to the U.S. Patent and Trademark Office at (571) 273-8300.



Date 



James E. Boice

REAL PARTY IN INTEREST
The real party in interest in the present Application is International Business Machines
Corporation, the Assignee of the present application as evidenced by the Assignment set forth at
reel 012576, frame 0214.

RELATED APPEALS AND INTERFERENCES
There are no other appeals or interferences known to Appellants, the Appellants' legal
representative, or assignee, which directly affect or would be directly affected by or have a
bearing on the Board's decision in the pending appeal.

STATUS OF CLAIMS 
Claims 1-12 stand finally rejected by the Examiner as noted in the Final Office Action 
dated December 9, 2005. The rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first and
second paragraphs; and the rejection of Claims 1-12 under 35 U.S.C. § 103(a) are appealed.

STATUS OF AMENDMENTS 
No amendments to the claims have been made subsequent to the December 9, 2005 Final
Office Action from which this Appeal is filed. 

SUMMARY OF THE CLAIMED SUBJECT MATTER 

As recited by Appellants' independent Claim 1, Appellants' invention provides a method
for establishing a secure connection to a server for a specific user of a client computer on a
network utilizing a Secure Sockets Layer (SSL) system. The method comprises the following
steps: 

(1) storing a plurality of keyfiles for different users in a data storage that is accessible
only to a client computer (as supported by Figure 2 and on page 10, lines 5-17 of the present
specification), each of said keyfiles comprising a unique private cryptology key, a corresponding
public cryptology key, and a name of a Certificate Authority (CA) that issued the unique private
cryptology key and the corresponding public cryptology key for a specific user (as supported on
page 9, line 26 to page 10, line 3 of the present specification);

(2) storing a plurality of passwords in said data storage, each of said passwords being
associated with a respective keyfile, each of said passwords being capable of opening only one of
said keyfiles (as supported on page 12, lines 4-8 and Figure 2 of the present specification);

(3) in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user (as supported on page 12, lines 21-24 and Figure 6 of the present specification); and

(4) transmitting from said client computer to a server a digital certificate from said
open keyfile to enable said server to authenticate an identity of said specific user from a plurality
of users who are authorized to use said client computer, wherein a secure connection is
established with the server for the specific user (as supported on page 12, lines 25-29 and Figure
6 of the present specification).

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

A. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first paragraph, is
to be reviewed on Appeal.

B. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, second paragraph,
is to be reviewed on Appeal.

C. The Examiner's rejection of Claims 1, 2, 4-6, 8-10 and 12 as being unpatentable under 35
USC 103(a) over Wrench Jr. (U.S. Patent Application Publication No. 2002/0104025 -
"Wrench") in view of Sasaki, et al. (U.S. Patent No. 6,378,071 - "Sasaki") and
Schneier's publication "Applied Cryptography" (Schneier); and Claims 3, 7 and 11 under
35 USC 103(a) over Wrench in view of Sasaki and Schneier and Norris, et al. (U.S.
Patent Application Publication No. 2002/0095568 - "Norris"), is to be reviewed on
Appeal.

ARGUMENTS

A. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, first paragraph.

The Examiner's rejection of Claims 1, 5 and 9 is improper since the phrases "data
storage that is accessible only to a client computer" and "opening only one of said
keyfiles" are supported by the specification.

The Examiner has rejected Claims 1, 5 and 9, stating that the limitation "storing a
plurality of keyfiles for different users in a data storage that is accessible only to a client
computer" is not supported by the specification. However, this feature is supported, inter alia,
on page 12, lines 21-26, of the present specification, which discusses protecting access to
keyfiles. Specifically, the specification states that a user must enter a password to access the data
storage via a GUI on "display 32 using GUI application 40, shown in Figures 3 and 4,
respectively, for the user's password 22 that will unlock that user's keyfile 24 containing the
user's digital certificate and private key found in authentication data 42 as described in Figure
4." Thus, since only a local input to the client computer will be afforded access to the keyfiles,
then the data storage is accessible only to the client computer.

The Examiner has also rejected Claims 1, 5 and 9, stating that the limitation "each of said
passwords being capable of opening only one of said keyfiles" is not supported by the
specification. However, this feature is supported, inter alia, on page 12, line 8, in which "Each of
the multiple users has a unique keyfile 24." As stated on page 10, lines 10-12, the "user
identified by user identifier 15a ("User ID 1") enters password 22a ("Password1") to open
keyfile 24a ("Keyfile 1")." Thus each of the passwords is "capable of opening only one of said
keyfiles," such that "in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user."

Thus, this rejection is not well founded and should be reversed.

B. The Examiner's rejection of Claims 1, 5 and 9 under 35 U.S.C. § 112, second paragraph.

The Examiner's rejection of Claims 1, 5 and 9 is improper since the phrase "the
specific user" has support in the preambles of the claims.

The Examiner has rejected Claims 1, 5 and 9 for lack of antecedent basis of the term "the
specific user." However, the term "a specific user," to which the term "the specific user" refers,
is found in the preamble of the claim, and thus has sufficient antecedent basis. (MPEP
706.03(d))

Thus, this rejection is not well founded and should be reversed. 

C. The Examiner's rejection of Claims 1, 2, 4-6, 8-10 and 12 as being unpatentable under 35
USC 103(a) over Wrench Jr. (U.S. Patent Application Publication No. 2002/0104025 -
"Wrench") in view of Sasaki, et al. (U.S. Patent No. 6,378,071 - "Sasaki") and
Schneier's publication "Applied Cryptography" (Schneier); and Claims 3, 7 and 11 under
35 USC 103(a) over Wrench in view of Sasaki and Schneier and Norris, et al. (U.S.
Patent Application Publication No. 2002/0095568 - "Norris").

The Examiner's rejection of Claims 1-12 is improper since the cited prior art does 
not teach or suggest all of the limitations of the claims. 

With reference to exemplary Claim 1, the cited art does not teach or suggest the
limitation of "storing a plurality of keyfiles for different users in a data storage that is accessible
only to a client computer." Sasaki teaches in Figure 3, and col. 5, lines 40-45, that the CPU in
the client computer is to "determine whether the input user ID and password accords with a
registered user ID and password." However, there is no teaching or suggestion of the limitation
that the data storage is accessible only to the client computer. Rather, in Sasaki the data storage
may be accessible through any client computer, as long as the user knows the correct user ID and
password.

Furthermore, the cited art does not teach the limitations of "storing a plurality of keyfiles
for different users" and "in response to receiving one of said passwords input from the specific
user, opening said one of said keyfiles associated with said one of said passwords and said
specific user" (i.e., each of the keyfiles are password protected for a specific user). This feature
is supported, inter alia, by Figure 4 and the related text. While Wrench teaches that a private key
may be password protected (paragraph [0028]), there is no suggestion of storing a different
keyfile for each of a plurality of different users. Similarly, while Sasaki teaches that a password
and ID checker (user authentication unit 2) may check to see if a password and ID are correct for
opening a file, there is no suggestion of multiple "users" having different "keyfiles." Thus, this
feature is not taught or suggested by the cited art.

As the cited art does not teach or suggest all of the limitations of the presently claimed
invention, this rejection is not well founded and should be reversed.

CONCLUSION

Appellants have pointed out with specificity the manifest error in the Examiner's
rejections, and the claim language which renders the invention patentable over the various
combinations of references. Appellants, therefore, respectfully request that this case be
remanded to the Examiner with instructions to issue a Notice of Allowance for all pending
claims.



Respectfully submitted,




Reg. No. 44,545 

DILLON & YUDELL LLP

8911 N. Capital of Texas Highway

Suite 2110 

Austin, Texas 78759 

512-343-6116 

ATTORNEY FOR APPELLANTS

CLAIMS APPENDIX

1. A method for establishing a secure connection to a server for a specific user of a client
computer on a network utilizing a Secure Sockets Layer (SSL) system, said method comprising:

storing a plurality of keyfiles for different users in a data storage that is accessible only to
a client computer, each of said keyfiles comprising a unique private cryptology key, a
corresponding public cryptology key, and a name of a Certificate Authority (CA) that issued the
unique private cryptology key and the corresponding public cryptology key for a specific user;

storing a plurality of passwords in said data storage, each of said passwords being
associated with a respective keyfile, each of said passwords being capable of opening only one of
said keyfiles;

in response to receiving one of said passwords input from the specific user, opening said
one of said keyfiles associated with said one of said passwords and said specific user; and

transmitting from said client computer to a server a digital certificate from said open
keyfile to enable said server to authenticate an identity of said specific user from a plurality of
users who are authorized to use said client computer, wherein a secure connection is established
with the server for the specific user.

2. The method of claim 1, further comprising:

storing an authentication data for said specific user in said data storage, said
authentication data comprising a unique identifier that corresponds to a password for said
specific user; and

identifying said specific user for opening a keyfile according to said unique identifier.

3. The method of claim 1, further comprising:

authenticating an identity of said specific user through a process of hashing, said process
including the steps of:

hashing a message into a hashed message using a hash function;

encrypting said hashed message into an encrypted hashed message using
said private cryptology key; and



AUS920010978US1 - Substitute Appeal Brief - 9 - Serial No. 10/062,348

JUN/01/2006/THU 02:57 PM DILLON & YUDELL, LLP FAX No. 5123436446

transmitting said hash function, said message and said encrypted hashed
message to said server.

4. The method of claim 1, further comprising prompting said specific user for a password
through a Graphical User Interface (GUI) in a display associated with said client computer.

5. A client computer for establishing a secure connection to a server for a specific user of
the client computer on a network utilizing a Secure Sockets Layer (SSL) system, said client
computer comprising:

means for storing a plurality of keyfiles for different users in a data storage that is
accessible only to a client computer, each of said keyfiles comprising a unique private
cryptology key, a corresponding public cryptology key, and a name of a Certificate Authority
(CA) that issued the unique private cryptology key and the corresponding public cryptology key
for a specific user;

means for storing a plurality of passwords in said data storage, each of said passwords
being associated with a respective keyfile, each of said passwords being capable of opening only
one of said keyfiles;

means for, in response to receiving one of said passwords input from the specific user,
opening said one of said keyfiles associated with said one of said passwords and said specific
user; and

means for transmitting from said client computer to a server a digital certificate from said
open keyfile to enable said server to authenticate an identity of said specific user from a plurality
of users who are authorized to use said client computer, wherein a secure connection is
established with the server for the specific user.

6. The client computer of claim 5, further comprising:

means for storing an authentication data for said specific user in said data storage, said
authentication data comprising a unique identifier that corresponds to a password for said
specific user; and

means for identifying said specific user for opening a keyfile according to said unique
identifier.

7. The client computer of claim 5, further comprising:

means for authenticating the identity of said specific user through a process of hashing,
said means for authenticating the identity of said specific user through said process of hashing
including:

means for hashing a message into a hashed message using a hash
function;

means for encrypting said hashed message into an encrypted hashed
message using said private cryptology key; and

means for transmitting said hash function, said message and said
encrypted hashed message to said server.

8. The client computer of claim 5, further comprising means for prompting said specific
user for a password through a Graphical User Interface (GUI) in a display associated with said
client computer.

9. A computer program product residing on a computer usable medium for establishing a
secure connection to a server for a specific user of a client computer on a network utilizing a
Secure Sockets Layer (SSL) system, said computer program product comprising:

program code means for storing a plurality of keyfiles for different users in a data storage
that is accessible only to a client computer, each of said keyfiles comprising a unique private
cryptology key, a corresponding public cryptology key, and a name of a Certificate Authority
(CA) that issued the unique private cryptology key and the corresponding public cryptology key
for a specific user;

program code means for storing a plurality of passwords in said data storage, each of said
passwords being associated with a respective keyfile, each of said passwords being capable of
opening only one of said keyfiles;






program code means for, in response to receiving one of said passwords input from the
specific user, opening said one of said keyfiles associated with said one of said passwords and
said specific user; and

program code means for transmitting from said client computer to a server a digital
certificate from said open keyfile to enable said server to authenticate an identity of said specific
user from a plurality of users who are authorized to use said client computer, wherein a secure
connection is established with the server for the specific user.

10. The computer program product of claim 9, further comprising:

program code means for storing an authentication data for said specific user in said data
storage, said authentication data comprising a unique identifier that corresponds to a password
for said specific user; and

program code means for identifying said specific user for opening a keyfile according to
said unique identifier.

11. The computer program product of claim 9, further comprising:

program code means for authenticating the identity of the specific user through a process
of hashing, said program code means including:

program code means for hashing a message into a hashed message using a
hash function;

program code means for encrypting said hashed message into an encrypted
hashed message using said private cryptology key; and

program code means for transmitting said hash function, said message and
said encrypted hashed message to said server.

12. The computer program product of claim 9, further comprising:

program code means for displaying a Graphical User Interface (GUI) in a display
associated with said client computer; and

program code means for prompting said specific user for a password through said GUI. 






EVIDENCE APPENDIX

Other than the Office Action(s) and reply(ies) already of record, no additional evidence
has been entered by Appellants or the Examiner in the above-identified application which is
relevant to this appeal.

RELATED PROCEEDINGS APPENDIX

There are no related proceedings as described by 37 C.F.R. § 41.37(c)(1)(x) known to
Appellants, Appellants' legal representative, or assignee.